![]() ![]() (Phishing is the second.) You mustn't trade off this real threat against the theoretical possibility of an attack if you don't practice good security on your devices. Credential stuffing is the number one attack against user accounts in 2022. If you have random passwords everywhere to avoid the real risk of credential stuffing, you stand to lose a lot if you lose that storage.Īgain, you don't have a choice. If you have bad device security, an attacker will have that access even if you don't have a password manager.Īnd even gives them the opportunity to lock you out of your own vault?Īnother one of my soapboxes: your credential store needs good backups. Failure to perform proper device security is the root problem.ĭoesn’t that give them access to literally everything Anything from someone scraping your browser cookies and autofill history to a flat out keylogger can allow aj attacker to exfiltrate your secrets.ĭo you see? Use of a password manager doesn't really make the problem worse. If someone breaks into your device, you have a world of hurt, and a password manager does not make the problem worse. Point two is that a password manager does not relieve you of the responsibility for good opsec. ![]() If you were to get your computer or phone compromised You have no choice you must have a system of record, and a password manager is the safest way to keep and use your passwords. People reuse passwords, an attacker acquires the username/password list from one of your services and then attempts using your username and password (plus variations) on every website they can think of. This is the major way accounts are "compromised" in 2022 - credential stuffing. ![]() If you don't have a system of record, you will do much worse things such as reusing a password or variations on a few passwords. It seems like you are essentially putting all your eggs in one basket right? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |